This invention relates in general to public key infrastructure, and more particularly to controlling use of the private key of a user in a public key infrastructure.
Distributed computing environments are becoming increasingly ubiquitous. Perhaps the best known distributed computing environment is the Internet, which is a worldwide system of interconnected computer networks. Each of these computer networks may itself include a group of interconnected computers, together with the hardware and software required to connect them. These computers include client computers and server computers. A server is a computer that makes information and services available. A client is a computer that downloads, uploads or otherwise exchanges information and services from the server using a browser. A browser is a client program that allows users to read hypertext documents on the Internet, and to navigate between different hypertext documents.
Electronic mail provides an efficient means of data exchange in distributed computing environments. Data is also exchanged through visitors to web sites completing web forms and directly entering information into databases. This data exchange is vulnerable to being intercepted by unauthorized third parties. Further, this risk is increased where, as in the case of the Internet, the public has substantially unrestricted access to the distributed computing environment.
To preserve confidentiality in the event of interception, data may be encrypted. One means of encrypting messages that has been widely adopted is public key infrastructure (PKI). In order to preserve the confidentiality of a transmission between two parties using this encryption method, both parties must have secret or private keys that are used to encrypt each message. In this method, both the information sender and the information recipient have a pair of keys, one of which is a private key that the party keeps secret, and the other of which is a public key that the party makes available to others. The encryption method is asymmetric: if a user's public key was used to encrypt a message, then the user's private key must be used to decrypt the message. In other words, only the recipient can decrypt a message that was encrypted using the recipient's public key, as the recipient's private key is required to decrypt such a message.
By tradition, the "digital signature", calculated by computing the hash function of the message to be sent and then encrypting the digital signature using the private key of the sender, guarantees that the message originated from the sender. However, if someone other than the sender is able to encrypt messages using the private key, then messages encrypted using the private key may not have originated from the sender.
Much of the benefit of public key infrastructure is lost if adequate measures are not taken to preserve the secrecy of each user's private key. Many users simply store their private key on their client computer's hard drive under a "private key" subdirectory. Other users store the private key on a disk which they take with them, but from which anyone else can readily download their private key. This behavior substantially reduces the integrity of the system, as it increases the risk that data will be intercepted by one who knows, or can find out, the private key required to decrypt or encrypt the data.
A further problem with encryption using conventional software is that it is not always available. Specifically, some electronic messaging systems do not provide for encryption. While documents can be encrypted before being attached to messages sent by such electronic messaging systems, this increases the number of steps required for encryption and decryption and, accordingly, reduces the likelihood that encryption will actually be used.
Accordingly, there is a need for a method and system of permitting encryption in a number of different electronic messaging, database entry, web form completion and other data exchange services, while restricting access to a private key so that only the actual user of that private key can use the key to encrypt or decrypt messages.
An aspect of one object of the present invention is to provide an improved encryption/decryption system.
In accordance with this aspect of the present invention there is provided an encryption/decryption system for providing restricted use of each key in a plurality of keys to preserve confidentiality of the plurality of keys. Each key is usable by an associated user in a public key infrastructure to encrypt and decrypt data. The encryption/decryption system comprises:
(a) A key storage means for storing a plurality of keys;
(b) User authentication means for determining whether a prospective user of a key in a plurality of keys is the associated user of the key; and
(c) An encryption/decryption means for encrypting and decrypting data using the plurality of keys when the user authentication means authenticates the prospective user. The encryption/decryption means is operable in a browser on a client computer.
Preferably, for each key in the plurality of keys a biometric standard determined by measuring a selected feature of the associated user is stored in the key storage means. Further, the user authentication means comprises means for:
(i) Measuring the selected feature of a prospective user;
(ii) Determining if the selected feature as measured sufficiently corresponds to the biometric standard;
(iii) Granting use of the key to the prospective user if the selected feature as measured sufficiently corresponds to the biometric standard; and
(iv) Denying use of the key to the prospective user if the selected feature as measured insufficiently corresponds to the biometric standard.
An object of a second aspect of the invention is to provide an improved computer program product for encryption/decryption.
In accordance with this second aspect of the present invention there is provided a computer program product for use on a computer system to provide restricted use of each key in a plurality of keys to preserve confidentiality of the plurality of keys. Each key is usable by an associated user in a public key infrastructure to encrypt and decrypt data. The computer program product comprises a recording medium and means recorded on the recording medium for instructing the computer system to perform the following steps:
(a) Storing a plurality of keys;
(b) Determining whether a prospective user of a key in a plurality of keys is the associated user for the key; and
(c) If the prospective user of a key in the plurality of keys is the associated user for the key, then one of encrypting and decrypting data within a browser using the key.
Preferably, the computer program product further includes means for, for each key in a plurality of keys, storing a biometric standard determined by measuring a selected feature of the associated user. Further, step (b) preferably comprises (i) receiving a measured biometric value of the selected feature of a prospective user, and (ii) determining if the measured biometric value sufficiently corresponds to the biometric standard. Preferably, step (c) comprises (i) granting use of the key to the prospective user if the measured biometric value sufficiently corresponds to the biometric standard, and (ii) denying use of the key to the prospective user if the measured biometric value insufficiently corresponds to the biometric standard.
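The following is an added illustration of steps (a) to (c), not code from the patent: a key store that holds each user's private key together with an enrolled biometric standard, compares a measured feature vector against that standard within a tolerance, and performs the private-key operation itself only when the match succeeds, so the key never leaves the store. The feature vectors, the tolerance, and the toy RSA parameters are constructed assumptions.

```python
import math
from dataclasses import dataclass

# Toy textbook RSA parameters, constructed only so the gating is demonstrable; not secure.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753

@dataclass
class KeyRecord:
    user_id: str
    modulus: int
    public_exponent: int
    private_exponent: int        # the secret that must never leave the store
    biometric_standard: tuple    # enrolled feature vector (constructed values)

class GuardedKeyStore:
    """Key storage plus user authentication: the private key is used only inside the store."""

    def __init__(self, tolerance: float):
        self.tolerance = tolerance   # how far a measurement may drift and still match
        self._records = {}

    def enroll(self, record: KeyRecord) -> None:
        self._records[record.user_id] = record

    def authorize(self, user_id: str, measured: tuple) -> bool:
        """Step (b): compare the measured feature with the stored biometric standard."""
        rec = self._records.get(user_id)
        if rec is None or len(measured) != len(rec.biometric_standard):
            return False
        return math.dist(measured, rec.biometric_standard) <= self.tolerance

    def encrypt_for(self, user_id: str, message: int) -> int:
        """Public-key operation: anyone may encrypt to the user, no authentication needed."""
        rec = self._records[user_id]
        return pow(message % rec.modulus, rec.public_exponent, rec.modulus)

    def decrypt(self, user_id: str, measured: tuple, ciphertext: int) -> int:
        """Step (c): the private key is applied only for an authenticated prospective user."""
        if not self.authorize(user_id, measured):
            raise PermissionError("biometric mismatch: use of the key is denied")
        rec = self._records[user_id]
        return pow(ciphertext, rec.private_exponent, rec.modulus)

def demo() -> tuple:
    store = GuardedKeyStore(tolerance=0.05)
    store.enroll(KeyRecord("alice", TOY_N, TOY_E, TOY_D, (0.10, 0.42, 0.77)))
    ciphertext = store.encrypt_for("alice", 65)
    recovered = store.decrypt("alice", (0.11, 0.41, 0.78), ciphertext)  # within tolerance
    denied = not store.authorize("alice", (0.50, 0.42, 0.77))           # too far off
    return ciphertext, recovered, denied
```

The tolerance is the security-relevant knob: a looser value raises the false-accept rate, a tighter one raises false rejects, and either way the private exponent is never returned to the caller.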